Some months ago I began using the crypt-pw Auth Scheme with my Internic/Network Solutions NIC handle because forging mail to ineternic.net is just too easy and I don't want my domains messed with. On Sep 21, 1999 I notified securityat_private that when doing domain updates with Auth Scheme Crypt-PW, if the clear text password contains spaces, their processing scripts strip out the password up to the first space, and then send off notification emails containing the remainder of the password to the other contacts involved with the domain being updated. I was told my report had been passed on to the developers for a fix. About a month went by and the problem had not been fixed, so I asked about it again. On Oct 26, I was told it was still in the hands of the developers, and it was recommended that I not use a password containing spaces. Today, I sent in some updates, and the probem still has not been fixed. ---------------------------------------------------------------------- Jon Lewis *jlewisat_private*| Spammers will be winnuked or System Administrator | nestea'd...whatever it takes Atlantic Net | to get the job done. _________http://www.lewis.org/~jlewis/pgp for PGP public key__________
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:10:36 PDT